Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

as requested, log file from my pc after running scans


  • Please log in to reply
3 replies to this topic

#1 ~overkill~

~overkill~

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:09:47 AM

Posted 14 July 2005 - 12:24 PM

Logfile of HijackThis v1.99.1
Scan saved at 11:13:39 AM, on 7/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\cisvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\hijack this\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Jeff\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Jeff\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {82C7D081-C311-4C60-8EC6-672D89BE251F} - C:\WINDOWS\System32\lbmn.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm070
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Filter: text/html - {4AC390CB-945E-4F6D-A3D8-EC2F9E4EA586} - C:\WINDOWS\System32\lbmn.dll
O18 - Filter: text/plain - {4AC390CB-945E-4F6D-A3D8-EC2F9E4EA586} - C:\WINDOWS\System32\lbmn.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

as soon as i hit the net, se.dll wanted access....i told it to kiss my ass

BC AdBot (Login to Remove)

 


m

#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 16 July 2005 - 09:03 AM

Hi ~overkill~ and Welcome to the Bleeping Computer!


Copy these Instructions to Notepad and Save them to your Desktop,you will need them in Safe Mode!

Please Download these utilities but dont run them until I ask you to!

Please Download SpSeHjfix112:
http://www.derbilk.de/SpSeHjfix112.zip
or
http://www.trojaner-info.de/cgi-bin/downlo...gi?file=sphjfix
Once downloaded,Unzip it and Make sure to Extract All Files!

CWShredder
http://cwshredder.net/bin/CWShredder.exe

Double Click CWShredder.exe to run it>>Click Check Check For Update
Close it out once updated,We will run it in Safe Mode!


Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Run SpSeHjfix112

Click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process! (Make sure you Reboot into Safe Mode!)

The tool creates a log of the fix which will appear in the new folder!
Please Save that Log,I may ask to see it!


Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam


Run CWShredder

Click "Fix ->" and click "OK" at the prompt.
CWShredder will scan and clean your system of CWS files.
Click "Next->" and then "Exit"


Now Scan the System with Ewido-> Be sure to "Clean" everything it finds and Make sure to Click the Tab to "Save a Report"!


Now Run SpSeHjfix112 again,just as you did before!

Save the Report it generates and when it Reboots the PC,Reboot back in Normal Mode and Have the PC scanned here

Panda Active Scan
http://www.pandasoftware.com/products/acti...n_principal.htm

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates


In the next post,place both logs from SpSeHjfix112!

Make another post after that and place a fresh HijackThis log and the reports from Ewido and Panda!

#3 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 16 July 2005 - 09:03 AM

Hi ~overkill~ and Welcome to the Bleeping Computer!


Copy these Instructions to Notepad and Save them to your Desktop,you will need them in Safe Mode!

Please Download these utilities but dont run them until I ask you to!

Please Download SpSeHjfix112:
http://www.derbilk.de/SpSeHjfix112.zip
or
http://www.trojaner-info.de/cgi-bin/downlo...gi?file=sphjfix
Once downloaded,Unzip it and Make sure to Extract All Files!

CWShredder
http://cwshredder.net/bin/CWShredder.exe

Double Click CWShredder.exe to run it>>Click Check Check For Update
Close it out once updated,We will run it in Safe Mode!


Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Run SpSeHjfix112

Click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process! (Make sure you Reboot into Safe Mode!)

The tool creates a log of the fix which will appear in the new folder!
Please Save that Log,I may ask to see it!


Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam


Run CWShredder

Click "Fix ->" and click "OK" at the prompt.
CWShredder will scan and clean your system of CWS files.
Click "Next->" and then "Exit"


Now Scan the System with Ewido-> Be sure to "Clean" everything it finds and Make sure to Click the Tab to "Save a Report"!


Now Run SpSeHjfix112 again,just as you did before!

Save the Report it generates and when it Reboots the PC,Reboot back in Normal Mode and Have the PC scanned here

Panda Active Scan
http://www.pandasoftware.com/products/acti...n_principal.htm

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates


In the next post,place both logs from SpSeHjfix112!

Make another post after that and place a fresh HijackThis log and the reports from Ewido and Panda!

#4 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 16 July 2005 - 09:04 AM

Hi ~overkill~ and Welcome to the Bleeping Computer!


Copy these Instructions to Notepad and Save them to your Desktop,you will need them in Safe Mode!

Please Download these utilities but dont run them until I ask you to!

Please Download SpSeHjfix112:
http://www.derbilk.de/SpSeHjfix112.zip
or
http://www.trojaner-info.de/cgi-bin/downlo...gi?file=sphjfix
Once downloaded,Unzip it and Make sure to Extract All Files!

CWShredder
http://cwshredder.net/bin/CWShredder.exe

Double Click CWShredder.exe to run it>>Click Check Check For Update
Close it out once updated,We will run it in Safe Mode!


Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Run SpSeHjfix112

Click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process! (Make sure you Reboot into Safe Mode!)

The tool creates a log of the fix which will appear in the new folder!
Please Save that Log,I may ask to see it!


Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam


Run CWShredder

Click "Fix ->" and click "OK" at the prompt.
CWShredder will scan and clean your system of CWS files.
Click "Next->" and then "Exit"


Now Scan the System with Ewido-> Be sure to "Clean" everything it finds and Make sure to Click the Tab to "Save a Report"!


Now Run SpSeHjfix112 again,just as you did before!

Save the Report it generates and when it Reboots the PC,Reboot back in Normal Mode and Have the PC scanned here

Panda Active Scan
http://www.pandasoftware.com/products/acti...n_principal.htm

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates


In the next post,place both logs from SpSeHjfix112!

Make another post after that and place a fresh HijackThis log and the reports from Ewido and Panda!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users